Actually, I was wrong. Further testing shows that pam_access simply does
not work as advertised. Those Windows groups with spaces can't be used.
A similar configuration on CentOS does work.
Same with pam_listfile, which works on CentOS, doesn't on Debian. I'm
unsure where the problem is, Samba or PAM, and the logs are not very
helpful.
Laurent
Le 08/13/2010 06:15 PM, Laurent Blume a écrit :
Le 08/12/2010 06:25 PM, Camaleón a écrit :
Better "RTCM" → Read The *Correct* Manual
Well, «Correct» is a stretch.
I just found out that you need to put *exactly* this as a pam_access
parameter:
listsep = ,
If you don't put the spaces (as in the manual's example), then the
content of access.conf will be silently ignored, and everybody be
allowed to log in.
The line there looks like this:
-:ALL EXCEPT root,(ldapgroup),(DOMAIN+windows users):ALL
Replacing the remaining spaces by commas also works, but doesn't appear
to be necessary.
Laurent
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4c6a97a4.7090...@opensolaris.org